#!/usr/bin/env bash

# ----------------------------------------------------------------------
# Filename:   02-acl.sh
# Version:    1.0
# Date:       2021/06/22
# Author:     Lz
# Email:      lz843723683@gmail.com
# History：
#             Version 1.0, 2022/06/22
# Function:   acl - 02 自主访问控制有效性测试
# Out:
#             0 => TPASS
#             1 => TFAIL
#             2 => TCONF
# ----------------------------------------------------------------------

# Suite title (runtime string, kept verbatim).
Title_Env_LTFLIB='访问控制测试 - 自主访问控制有效性测试'

# Extra library to load; LIB_SSHAUTO is expected in the environment and
# presumably provides the SshAuto_* helpers used below.
HeadFile_Source_LTFLIB="${LIB_SSHAUTO}"

# Two local test accounts, both reached over SSH on the local host.
testuser1_acl2='ltfacl2'
testuser2_acl2='ltfacl3' # second test user
# NOTE(review): fixed clear-text password, shared by both accounts and stored
# in the script. Treat both accounts as throw-away: they should exist only for
# the duration of the run and never on a host that accepts password logins from
# outside - confirm that the framework removes them afterwards.
passwd1_acl2='olleH717.12.#$'
userip_acl2='localhost'

# Space-separated lists, matched by position (name N <-> password N).
# Presumably read by the framework to create the accounts - confirm.
AddUserNames_LTFLIB="${testuser1_acl2} ${testuser2_acl2}"
AddUserPasswds_LTFLIB="${passwd1_acl2} ${passwd1_acl2}"

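## Initialisation: create the fixtures shared by all test cases.
# Globals:
#   TmpTestDir_LTFLIB (read)  - base directory for the fixtures
#   testFile_acl02, testDir_acl02, testDir2_acl02 (written) - fixture paths
#   userip_acl2, testuser1_acl2, testuser2_acl2, passwd1_acl2 (read)
# Returns:
#   TPASS on success; 2 (TCONF) when the base directory is not set;
#   1 (TFAIL) when a fixture cannot be created.
TestInit_LTFLIB() {
    # Without a base directory the fixture paths would resolve to /testfile,
    # /testrwx and /testdir2, and the cleanup step would later "rm -rf" them.
    if [[ -z "${TmpTestDir_LTFLIB}" ]]; then
        printf '%s\n' "TestInit_LTFLIB: TmpTestDir_LTFLIB is empty" >&2
        return "${TCONF:-2}"
    fi

    # Small executable script used as the file under test.
    testFile_acl02="${TmpTestDir_LTFLIB}/testfile"
    printf '%s\n' '#!/bin/bash' 'echo "this is a test"' >"${testFile_acl02}" ||
        return "${TFAIL:-1}"
    chmod +x -- "${testFile_acl02}" || return "${TFAIL:-1}"

    # Directories used by the directory-permission test case.
    testDir_acl02="${TmpTestDir_LTFLIB}/testrwx"
    testDir2_acl02="${TmpTestDir_LTFLIB}/testdir2"
    mkdir -p -- "${testDir_acl02}" "${testDir2_acl02}" || return "${TFAIL:-1}"

    # Configure password-less SSH login for both test users.
    # NOTE(review): the helper's status is not checked here; whether it reports
    # failures itself is not visible in this file - confirm.
    SshAuto_OneConfig_LTFLIB "${userip_acl2}" "${testuser1_acl2}" "${passwd1_acl2}"
    SshAuto_OneConfig_LTFLIB "${userip_acl2}" "${testuser2_acl2}" "${passwd1_acl2}"

    return "${TPASS}"
}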

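## Cleanup: remove the fixtures created during initialisation.
# Globals (read): testFile_acl02, testDir_acl02, testDir2_acl02, TPASS
# Returns: TPASS
TestClean_LTFLIB() {
    local fixture

    Debug_LLE "rm -rf ${testFile_acl02} ${testDir_acl02} ${testDir2_acl02}"

    # Each path is removed as one quoted word, so a path containing whitespace
    # or glob characters cannot expand into unrelated targets. Empty values
    # (initialisation never ran) are skipped.
    for fixture in "${testFile_acl02}" "${testDir_acl02}" "${testDir2_acl02}"; do
        [[ -n "${fixture}" ]] || continue
        rm -rf -- "${fixture}"
    done

    return "${TPASS}"
}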

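## File permission test - setfacl.
# Grants testuser2 first r-x and then rwx on the fixture file through a
# named-user ACL entry, and exercises each access over SSH as that user.
# Globals (read): testFile_acl02, userip_acl2, testuser1_acl2, testuser2_acl2
# NOTE(review): CommRetParse_LTFLIB / TestRetParse_LTFLIB presumably evaluate
# the result of the command directly before them, so nothing should be inserted
# between a command and its parse call - confirm against the library.
testcase_1() {
    # Start from owner-only mode bits and no extended ACL entries.
    chmod 700 -- "${testFile_acl02}"
    setfacl -b -- "${testFile_acl02}"

    # Step1: grant r-x to testuser2.
    setfacl -m "u:${testuser2_acl2}:r-x" -- "${testFile_acl02}"
    CommRetParse_LTFLIB "setfacl -m u:${testuser2_acl2}:r-x"

    # Step2: execute the file as testuser2.
    # The path is expanded into a command string here and in the steps below;
    # it is presumably re-parsed by the remote shell, so a fixture path with
    # whitespace would be split there.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser2_acl2}"
    SshAuto_CmdDef_LTFLIB "${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "执行文件验证"

    # Step3: read the file as testuser2.
    SshAuto_CmdDef_LTFLIB "cat ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "读取文件内容"

    # Step4: attempt a write, which r-x must deny. The third argument is "yes"
    # only for this denial check - presumably "failure is the expected
    # outcome"; confirm against the SSH helper library.
    SshAuto_CmdDef_LTFLIB "echo test >> ${testFile_acl02}" "no" "yes"
    TestRetParse_LTFLIB "尝试写入文件"

    # Step5: widen the entry to rwx.
    # NOTE(review): setfacl runs locally as the invoking user, so selecting
    # testuser1 on the line above it appears to have no effect on this
    # command - confirm what was intended.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser1_acl2}"
    setfacl -m "u:${testuser2_acl2}:rwx" -- "${testFile_acl02}"
    CommRetParse_LTFLIB "setfacl -m u:${testuser2_acl2}:rwx"

    # Step6: the write must now succeed, and the file must still be readable.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser2_acl2}"
    SshAuto_CmdDef_LTFLIB "echo pwd >> ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "写入文件内容"
    SshAuto_CmdDef_LTFLIB "cat ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "验证写入结果"
}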

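## File permission test - chmod.
# Checks that plain mode bits (755, then 777) decide what testuser2 may do
# with the fixture file.
# Globals (read): testFile_acl02, userip_acl2, testuser1_acl2, testuser2_acl2
# NOTE(review): CommRetParse_LTFLIB / TestRetParse_LTFLIB presumably evaluate
# the result of the command directly before them - confirm against the library.
testcase_2() {
    # Reset permissions. The ACL is cleared as well: the previous test case
    # leaves a named-user entry for testuser2 on this file, and while that
    # entry exists chmod only moves the ACL mask, so the "other" bits this
    # case is meant to check would never be consulted for testuser2.
    chmod 700 -- "${testFile_acl02}"
    setfacl -b -- "${testFile_acl02}"

    # Step1: set mode 755.
    chmod 755 -- "${testFile_acl02}"
    CommRetParse_LTFLIB "chmod 755"

    # Step2: execute the file as testuser2.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser2_acl2}"
    SshAuto_CmdDef_LTFLIB "${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "执行文件验证"

    # Step3: read the file as testuser2.
    SshAuto_CmdDef_LTFLIB "cat ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "读取文件内容"

    # Step4: attempt a write, which 755 must deny to non-owners. The third
    # argument is "yes" only for this denial check - presumably "failure is
    # the expected outcome"; confirm against the SSH helper library.
    SshAuto_CmdDef_LTFLIB "echo changsha >> ${testFile_acl02}" "no" "yes"
    TestRetParse_LTFLIB "尝试写入文件"

    # Step5: set mode 777.
    # NOTE(review): chmod runs locally as the invoking user, so selecting
    # testuser1 on the line above it appears to have no effect on this
    # command - confirm what was intended.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser1_acl2}"
    chmod 777 -- "${testFile_acl02}"
    CommRetParse_LTFLIB "chmod 777"

    # Step6: the write must now succeed, and the file must still be readable.
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser2_acl2}"
    SshAuto_CmdDef_LTFLIB "echo changsha >> ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "写入文件内容"
    SshAuto_CmdDef_LTFLIB "cat ${testFile_acl02}" "no" "no"
    TestRetParse_LTFLIB "验证写入结果"
}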

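## Directory permission test.
# Grants testuser2 r-x, rwx and --x on the fixture directories through
# named-user ACL entries and checks the result.
# Globals (read): testDir_acl02, testDir2_acl02, userip_acl2, testuser2_acl2
# NOTE(review): CommRetParse_LTFLIB / TestRetParse_LTFLIB presumably evaluate
# the result of the command directly before them - confirm against the library.
# NOTE(review): every check here expects access to be granted; no step
# verifies that a missing permission is actually denied on a directory.
testcase_3() {
    # Start with all mode bits cleared on the first directory.
    chmod 000 -- "${testDir_acl02}"

    # Read permission: grant r-x, then look for "r-x" in the long listing.
    # NOTE(review): this inspects the mode string printed by ls locally (the
    # ACL mask appears in the group field), not the named-user entry, and
    # testuser2 never lists the directory; getfacl output or an "ls" run as
    # testuser2 would check the entry itself.
    setfacl -m "u:${testuser2_acl2}:r-x" -- "${testDir_acl02}"
    ls -ld -- "${testDir_acl02}" | grep "r-x"
    CommRetParse_LTFLIB "验证目录读权限"

    # Write permission: grant rwx, then create a file as testuser2.
    setfacl -m "u:${testuser2_acl2}:rwx" -- "${testDir_acl02}"
    SshAuto_SetIpUser_LTFLIB "${userip_acl2}" "${testuser2_acl2}"
    SshAuto_CmdDef_LTFLIB "touch ${testDir_acl02}/1.txt" "no" "no"
    TestRetParse_LTFLIB "目录写权限测试"

    # Search (execute) permission: grant --x on the second directory, then
    # change into it as testuser2.
    chmod 000 -- "${testDir2_acl02}"
    setfacl -m "u:${testuser2_acl2}:--x" -- "${testDir2_acl02}"
    SshAuto_CmdDef_LTFLIB "cd ${testDir2_acl02}" "no" "no"
    TestRetParse_LTFLIB "目录执行权限测试"
}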

## Main test suite: run the three test cases in their fixed order.
# The individual results are not inspected here; the function always
# returns TPASS.
Testsuite_LTFLIB() {
    local case_fn

    for case_fn in testcase_1 testcase_2 testcase_3; do
        "${case_fn}"
    done

    return $TPASS
}

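# Load the shared function library (path taken from LIB_LTFLIB), then hand
# control to its entry point. "$@" is quoted so that every command-line
# argument reaches Main_LTFLIB as exactly one word, without word splitting
# or glob expansion.
source "${LIB_LTFLIB}"
Main_LTFLIB "$@"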
